At Zebra Adventures we know how important privacy is. We will always be clear about why we need the details we ask for and ensure your personal information is kept as secure as possible. How we do this is explained below.
We will always be clear about why we need the details we ask for and ensure your personal information is kept as secure as possible. This policy explains how we do that.
Zebra Adventures is registered as a data controller with the Information Commissioner’s Office (ICO).
Zebra Adventures (“we”, “us”) are committed to protecting your privacy. We comply with the principles of the General Data Protection Regulation (“GDPR”) and associated data protection legislation. We aim to maintain best-practice standards in our processing of personal and/or special category personal data (this is also referred to as sensitive personal data).
2. How we use your information
We use the information we receive from you, together with information we have obtained from our dealings with you (including in relation to goods and/or services we provide to you and/or your use of those goods and/or services), to provide goods and/or services that you request, to communicate with you, and to personalise the information sent to you. Examples of how we may personalise information include working out which departure airports are near to you.
We do not sell, trade, or rent your personal information to others.
In order for us to provide you with our services we may ask you for your email address, full name, postal address, gender, telephone number, passport number (as well as the place of use, date of issue and expiry), citizenship, a copy of your passport, age, travel insurance details, insurance provider, policy number, copy of insurance document and fitness level.
We store all the information you provide to us, including information provided via forms you complete on our website, and information which we may collect from your browsing. Our server, in common with nearly all web servers, logs each page that is downloaded from the site. If you contact us electronically we may collect your electronic identifier, e.g. Internet protocol (IP) address or phone number supplied by your service provider. This is to identify the number of visits to our websites, fraudulent behaviour or mystery persons using our websites.
Our website may also use Google Analytics for analysis. It may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.
We ask for your home, mobile phone number, and email address to enable us to contact you in relation to an enquiry you have made, to contact you if there is a problem with your order, notifying you about important functionality changes to the website, or there is another genuine reason for doing so. For example, when you enter a contest or other promotional features, we use these details to administer the contest and notify winners.
Sometimes we may need to collect information that the law defines as special category data (also called sensitive personal data). This includes, but is not limited to, information about racial or ethnic origin, sexual orientation and health data. We will not collect or use these types of data without your consent unless the law allows us to do so. If we do, it will only be when it is necessary as determined by the law and the ICO.
Any new information you provide to us may be used to update an existing record we hold for you. If you provide a work email address we will not be responsible for third parties having access to any communications we send.
We collect credit or debit card details from you in order to pay for a service or product. We will keep such details secure and ensure that the details are only used further with your consent and/or for the purposes of any appropriate refunds.
In the event of phone calls from you, we also reserve the right to ask security questions (which we in our sole discretion deem appropriate) in order to satisfy ourselves that you are who you say you are.
3. Fraud Prevention and Credit Checks
To help us prevent fraud and money laundering, your details may be submitted to fraud prevention agencies and other organisations where your records may be searched.
Our own security procedures mean that we may occasionally have to request proof of identity.
4. Lawful bases for using your information
Before you provide any data to us we will endeavour to make it clear why we need it. Sometimes we may need a special category (sensitive) personal data for example we may need medical information if you ask us to book an easy access room due to a disability. When this is required, we will obtain your consent first, unless the information is necessary to provide the product or service requested by you. Without this information, we may not be able to fulfil the product or service you have requested.
A customer may properly give their spouse’s or partner’s consent over the phone or via the website provided the customer confirms they have permission to do so. If the consent is written, the spouse must independently endorse such consent via a counter signature.
We use the information you provide to us, either orally or in writing and the information we obtain from you through the use of our website, and as a result of our dealings with you (including any data we obtain from third parties) to provide the service requested by you. It may also be used for market research and statistical purposes.
We recognise that we have a legitimate interest in processing the personal data we collect about you for a number of reasons, including, but not limited to: marketing purposes, to enable us to enhance, modify, personalise, or otherwise improve our services, identify and prevent fraud, enhance and protect the security of our network and systems, and market research (e.g. determining the effectiveness of campaigns and the products/services we offer). “Legitimate interests” means the interests of our company in conducting and managing our business to enable us to give you the best service and most secure experience.
When we use your information for our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights. Where applicable, legitimate interest assessments are conducted to ensure that these rights are protected.
5. Keeping you informed about our products and services
When you contact us, we may ask for your permission to contact you about the products and services we offer. Where we have obtained your permission to do so we will contact you by telephone, email or other means to tell you about offers, products and services that may be of interest to you.
We also recognise that it is in our legitimate interests to send communications about our products and services, latest offers and rewards, so we may process your information to send you communications that are tailored to your interests.
At any time, you can opt-out of receiving such information, revise the products you would like to hear about or change the method we use to communicate with you. You can update these preferences by emailing us on email@example.com
We also use your personal information to make decisions about what products, services and offers we think you may be interested in. This is called profiling for marketing purposes. You can contact us at any time and ask us to stop using your personal information this way. If you allow it, we may show or send you marketing material online (on our own and other websites including social media), or by email or phone.
We make outbound phone calls for a number of reasons relating to our products. We are fully committed to the regulations set out by Ofcom and follow strict processes to ensure we comply with them.
6. Sharing your information
We do not sell, trade, or rent your information, and will never disclose information about you (including information obtained from our dealings with you) to third parties, except:
- a) where we have a legal interest in a company;
- b) to fulfil your specific orders for a product or service or information in the event that third parties deliver the relevant product or service or information. For example, if you go on holiday with us, the hotel needs to know who you are.
- c) where third parties administer part or all of the product or service;
- d) for testing purposes, and to maintain management information for business analysis.
We may, of course, be obliged at law to pass on your information to the police or any other statutory or regulatory authority and in some cases, exemptions may apply under relevant data protection legislation, whereby we can legitimately release personal data e.g. to prevent or detect crime or in connection with legal proceedings.
Subsequent to your purchase of a product or service, we may enter into an arrangement for that service to be provided by a new third party. If this happens, the terms and conditions of your contract with us will provide that you consent to the transfer and processing of personal and/or special category personal data to the new provider, subject to the requirements of the GDPR and associated legislation.
If we provide information to a third party (either a provider of a product or service or an external data processing agency such as a mailing house) we will exercise the strictest control over them contractually, requiring it and any of its agents and/or suppliers to:
- maintain the security and confidentiality of the information and restrict access to those of its own employees;
- use the data for the agreed purpose only and prevent it being used for any other purpose by any other party;
- refrain from communicating with you other than concerning the product in question;
- return the data to us at the conclusion of any contract term, and destroy or delete any copies made of all or any part of the information unless copies are needed to be kept to comply with regulations.
In addition, we will restrict the information disclosed to the absolute minimum necessary, for example, to provide the product or service.
7. Information sent outside the EEA
We provide products and services including holidays outside the EEA. Therefore, if you travel on such holidays the information you provide may occasionally be transferred outside the EEA. From time to time Zebra Adventures may use service providers and organisations outside the EEA for the purpose of processing services, system testing and maintenance.
It is worth noting, however, that some non-EEA countries do not afford the same level of data security as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information.
8. Amendment and retention of information
Please advise us in writing as to any changes in your circumstances, or if you feel we hold inaccurate information about you so that we can update our records accordingly.
We will hold your personal information in accordance with the principles of the General Data Protection Regulation (and associated legislation) and in line with our Data Retention Policy. We are obliged and permitted by law and regulation to retain certain types of data for a minimum period of time. The minimum period of time tends to be for six years but can be longer if the statute or regulation requires.
9. Your rights
Access to your information: You have a statutory right of access to accessible personal and/or sensitive personal data that we hold about you. In order to exercise this right, your application must be in writing for security reasons. Please refer to the information you wish to see giving dates if possible. Please note that where relevant we may ask for proof of your identity.
We will not administer Subject Access Requests by a third party unless accompanied by a written authority of the individual who is the subject of the request.
We have one month to respond to a valid request.
Rights related to automated decision-making including profiling: We use the information we know about you to make decisions which inform our fraud prevention and the products and services we can offer. Automated decision making enables us to make efficient and fair decisions, providing a better service for our customers. Whilst you have the right to object to us using your information in this way, this could have an impact on the products or services we may be able to offer you. We use automated decision making in the following areas:
Tailoring our marketing communications – as mentioned previously, we use your personal information to make decisions about what products, services and offers we think you may be interested in. This ensures the communications you receive from us are tailored and relevant to your interests. You can opt-out of this at any time by contacting us at firstname.lastname@example.org
The right to erasure: you have the right to request that your personal data is erased and to prevent processing in specific circumstances which are detailed by the ICO.
The right to data portability: you have the right to obtain and reuse the personal data that you have provided to us for your own purposes which includes transferring it to other services.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel your personal information has not been handled correctly. You can do this via https://ico.org.uk/concerns/ or by writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
From offers and promotions to sound and video, the aim of this site is to be interesting, helpful and informative. We are keen to find out what you like and dislike – your feedback plays a key role in helping us improve this site. We use many techniques to follow your use of the site and provide you with a customised experience. The main and best-known technique is by using what are known as ‘cookies’.
What are cookies?
Cookies are small data files that a website will put on your device. Some of these send information back to the website. They cannot affect your device, but they can collect information that can be used to enhance the site. For example, a cookie can remember the items that you have placed into your shopping basket, or it can ensure you get the offer you requested. These are known as ‘session’ cookies, which expire as soon as you leave the site. Other cookies can tell us if you come back. These are ‘persistent cookies’, which expire 3 years after your last visit unless you delete them from your device. We use them to customise the site – to do things such as display relevant information during your visit. Some cookies enable sites to work, while others help us learn about what people are browsing for.
- Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
- Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
- Test content on our website.
- Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
- To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
Links to other sites
12. Data Protection
The Insurer is the controller of the personal data provided in relation to this Policy. The Insurer is registered with the Gibraltar Regulatory Authority (GRA) as a data controller and is listed on the Register of Data Controllers under registration number DP003699. The Insurer’s full Privacy Notice is available at www.evo-insurance.com/privacy
Updated: 09 February 2022